Microsoft Monthly Security Update (July 2024)

[Updated on 2024-10-23]

Updated Description, Related Links.

CVE-2024-38094 is being exploited in the wild.  An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.

 

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
Microsoft DynamicsMedium Risk Medium RiskInformation Disclosure 
WindowsHigh Risk High RiskElevation of Privilege
Security Restriction Bypass
Spoofing
Denial of Service
Information Disclosure
Remote Code Execution

CVE-2024-38080 is being exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

 

CVE-2024-38112 is being exploited in the wild.  This vulnerability can be exploited to perform spoofing on Windows MSHTML platform.

Extended Security Updates (ESU)Medium Risk Medium RiskSecurity Restriction Bypass
Spoofing
Denial of Service
Elevation of Privilege
Remote Code Execution
Information Disclosure
 
Developer ToolsMedium Risk Medium RiskRemote Code Execution
Denial of Service
Elevation of Privilege
 
SQL ServerMedium Risk Medium RiskRemote Code Execution 
Microsoft OfficeHigh Risk High RiskRemote Code Execution
Information Disclosure
Spoofing
CVE-2024-38094 is being exploited in the wild.  An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.
AzureMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
Spoofing
 
System CenterMedium Risk Medium RiskElevation of Privilege 

 

Number of ‘Extremely High Risk’ product(s): 0

Number of ‘High Risk’ product(s): 2

Number of ‘Medium Risk’ product(s): 6

Number of ‘Low Risk’ product(s): 0

Evaluation of overall ‘Risk Level’: High Risk

RISK: High Risk

TYPE: Operating Systems – Windows OS

TYPE: Windows OS

Impact

  • Information Disclosure
  • Elevation of Privilege
  • Security Restriction Bypass
  • Spoofing
  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Microsoft Dynamics
  • Windows
  • Extended Security Updates (ESU)
  • Developer Tools
  • SQL Server
  • Microsoft Office
  • Azure
  • System Center

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.